Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-cl1bysee9v
Target b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb
SHA256 b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb

Threat Level: Known bad

The file b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

RedLine payload

Mystic

RedLine

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:10

Reported

2023-11-11 02:13

Platform

win10v2004-20231020-en

Max time kernel

169s

Max time network

180s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 404 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe
PID 404 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe
PID 404 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe
PID 4316 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe
PID 4316 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe
PID 4316 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe
PID 4996 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe
PID 4996 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe
PID 4996 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe
PID 4948 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3512 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3512 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3096 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3096 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4460 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4460 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1132 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1132 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 3396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 3396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 4464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 4464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3604 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3604 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1676 wrote to memory of 1340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1676 wrote to memory of 1340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4996 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe
PID 4996 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe
PID 4996 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe

"C:\Users\Admin\AppData\Local\Temp\b4e4a47303b296707c6b3dfa89a56f578f831190972b3eb1b15876b8903a52bb.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x80,0x16c,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff6e1f46f8,0x7fff6e1f4708,0x7fff6e1f4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12640358985281227960,1928029159585139020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12640358985281227960,1928029159585139020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,6077904855118913013,7172703066647980765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3336303193424569973,1426164476480035592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3737072102143208868,4990184104868033708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3336303193424569973,1426164476480035592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12250998392308949974,17625850435188794596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,2399355427263722086,14649617887075201839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12250998392308949974,17625850435188794596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,2399355427263722086,14649617887075201839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3737072102143208868,4990184104868033708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,6596433989639054570,9001138438536729899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15149050070503006144,3214692498195106356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6596433989639054570,9001138438536729899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15149050070503006144,3214692498195106356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6077904855118913013,7172703066647980765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7025714569026286775,7881733284011738529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7025714569026286775,7881733284011738529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rO13dc.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rO13dc.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6608 -ip 6608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18291847834582642619,14126318559499455454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6wA611.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6wA611.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 3.221.61.110:443 www.epicgames.com tcp
US 3.221.61.110:443 www.epicgames.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 190.119.177.108.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 110.61.221.3.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 t.co udp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe

MD5 2421c21aa5eb528a5a3a1e54e929205f
SHA1 5740da92b247e034a4222e7b4debf73970ea4059
SHA256 48c3723025723befe2d455e669b2299b2634c097a42e2a638475e34ff0157469
SHA512 f0f8f9b8ec3f03d646c67f9c8264679ae24e9441806aa6a31be16f29d9b013b4a7d8856574dbad6a033e8df3b3385e0cb82562658d2a7497e640733c5168c7be

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu9zi31.exe

MD5 2421c21aa5eb528a5a3a1e54e929205f
SHA1 5740da92b247e034a4222e7b4debf73970ea4059
SHA256 48c3723025723befe2d455e669b2299b2634c097a42e2a638475e34ff0157469
SHA512 f0f8f9b8ec3f03d646c67f9c8264679ae24e9441806aa6a31be16f29d9b013b4a7d8856574dbad6a033e8df3b3385e0cb82562658d2a7497e640733c5168c7be

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe

MD5 f3c2ce17f5ff1df32858955810863053
SHA1 2f48a9547d91aec2424f0d577b787d53c63cb366
SHA256 e4e04c9c520203bcf8f65334c48e7255b928fb86f6198512614085e4c4c792e5
SHA512 9dd262998f97697fcf64aa576e27098aa7c36a69e50a9706220a3f512804f34600b19396938641d433d8938d2aaa189415c487d3999f61d77770a9951078dcbf

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FN3qu60.exe

MD5 f3c2ce17f5ff1df32858955810863053
SHA1 2f48a9547d91aec2424f0d577b787d53c63cb366
SHA256 e4e04c9c520203bcf8f65334c48e7255b928fb86f6198512614085e4c4c792e5
SHA512 9dd262998f97697fcf64aa576e27098aa7c36a69e50a9706220a3f512804f34600b19396938641d433d8938d2aaa189415c487d3999f61d77770a9951078dcbf

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe

MD5 2878247eaf049c5219f9eefc733df820
SHA1 b99dc0331bb54c9571a9d183679c38ffaae03066
SHA256 637f70558b007bfe97ae831c9d8c0fe80e47c92d5572c2d3578f267bb17d5992
SHA512 3d9d0eb2bf2f5080a5fe0f7fe9d10b2b66b656298f08c717abfde04a82d212bbd66c93fcf519c0374b1e3e601619818b2940ce344c3a09e99e97aa6b3408a0bf

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bh781pQ.exe

MD5 2878247eaf049c5219f9eefc733df820
SHA1 b99dc0331bb54c9571a9d183679c38ffaae03066
SHA256 637f70558b007bfe97ae831c9d8c0fe80e47c92d5572c2d3578f267bb17d5992
SHA512 3d9d0eb2bf2f5080a5fe0f7fe9d10b2b66b656298f08c717abfde04a82d212bbd66c93fcf519c0374b1e3e601619818b2940ce344c3a09e99e97aa6b3408a0bf

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe

MD5 8e2f0a5d1308ab1b7497bf578a669a2d
SHA1 bb92856fd0bee94a830bbd70f564ec94b5502bcd
SHA256 eb89d62ad97d191a663e7839fde1e5ea5b7df92861ad3a7f9650f5715e54ff74
SHA512 75b10b0d965fdeb845273fc601176bf61e0c36b880c691fc5f20dec5f3263b6c72ca0075696fb46c9f5db8e776aab457ab3df08fd1536d53541de16e92303889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4JA2lT9.exe

MD5 8e2f0a5d1308ab1b7497bf578a669a2d
SHA1 bb92856fd0bee94a830bbd70f564ec94b5502bcd
SHA256 eb89d62ad97d191a663e7839fde1e5ea5b7df92861ad3a7f9650f5715e54ff74
SHA512 75b10b0d965fdeb845273fc601176bf61e0c36b880c691fc5f20dec5f3263b6c72ca0075696fb46c9f5db8e776aab457ab3df08fd1536d53541de16e92303889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3360_TQSCUWOWJZRZKUDC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1132_TNTTMMZSLJSQYKOU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3604_URFGLRXELDOIILGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3512_QTCKDNCMOHXEQBSU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_1676_JUSTEQETCYUSJNSR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1624_OKISEBHJKGEUUYSL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3096_DJCAUWFMFJJXEWUQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_336_INZDOYSOHTYZPAAB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3996_MKACDWOVJZEXKOIJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4460_KUPMRRIKUVPFFSEQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d192ad599e9c251b341f63aa97aec260
SHA1 470b3bac901dc423905d101b1407e8a76de21354
SHA256 738347cf27422a0a4ed722c2b911aa2c22404d3136dbb036a3f7a37e63426af4
SHA512 dfd827f69d38968b284d5e97fb2082070301b7baf6455314e7031b7a4fcd9896c5e3fbb5a73227e536039fa332fd1dca4b82a854e76329168b8bcd304f8e4dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d192ad599e9c251b341f63aa97aec260
SHA1 470b3bac901dc423905d101b1407e8a76de21354
SHA256 738347cf27422a0a4ed722c2b911aa2c22404d3136dbb036a3f7a37e63426af4
SHA512 dfd827f69d38968b284d5e97fb2082070301b7baf6455314e7031b7a4fcd9896c5e3fbb5a73227e536039fa332fd1dca4b82a854e76329168b8bcd304f8e4dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a60cbf59-82b0-4519-b88c-9223cb691596.tmp

MD5 0e9b16f1946a26ae193dff485560f3d7
SHA1 30b32197a4782138d265ab4fb00d91783fc626ed
SHA256 da34c52ce17f3654bc8957542958688a4854b9b36a2f14a513826c7c4728c464
SHA512 7c7ffc2cf8a8438682b0f7338f0f8bb180696cddebbf243c2333072eb7d15ccd7e366d73d9a613529ea0cadaafb5641cfa7e478bec323fb604ba78b420f49120

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7b85c108948bbe47c2ebeadd542a367
SHA1 7ea9e8096d8cb65f70120b91eb20e0f66a8f8624
SHA256 520082f7d2210b2b6a4770c8caff23c2b7a6a8b38a6b05ab9ac010b86bc2f16f
SHA512 e6beeec0fa8f503cc3b11283311be1520eecf0d498b08cd6894a9d2daf0ae14842db56e60a5838705247c1fcbbc30daf5d00142fb242a4c26fbe97d302728658

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2b8a0944d0482ca0a4c4a05b181b343
SHA1 7f5ecee9fc2f9417fe7282111f6c8178605a5636
SHA256 c6c0fc104f385af8c34fcd9565857785ad778ad5d0d2ae1e28fd31e01b023855
SHA512 6d106c2f3182acdac50883c218c8fc4b9d7292b34fd1c42d5c313c03f6ed5621509d88ca0d74885ea253f6839c44895996b876044768ec8020dd2b41d81109df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2b8a0944d0482ca0a4c4a05b181b343
SHA1 7f5ecee9fc2f9417fe7282111f6c8178605a5636
SHA256 c6c0fc104f385af8c34fcd9565857785ad778ad5d0d2ae1e28fd31e01b023855
SHA512 6d106c2f3182acdac50883c218c8fc4b9d7292b34fd1c42d5c313c03f6ed5621509d88ca0d74885ea253f6839c44895996b876044768ec8020dd2b41d81109df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3b9da293-6687-44c7-a717-45320415d21e.tmp

MD5 59f1c96fe78171672f8c1f0731173840
SHA1 1e9f535e7160348f25a454f19d4714be0d4847bd
SHA256 866c1ccaecafcb7d8624716291e54be69d0b6a003bcd7e5d0efb743a83b2026a
SHA512 b8a730367975df42635d554579c7d50f3661f2468765fac852bec31596a1d87f3683806f74f45fc506ada0ce3cdf1f4ee669b7dafa5387ec08c5e056f31518d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6f77b084-93ee-45b7-a048-3a62d91de602.tmp

MD5 619cc3f9fa574374ce38bda5813560da
SHA1 512d729503d1be020cea07948f2e4c3030a6ad77
SHA256 27091204562c63a7384568cf1591b44112f0993c5459f26672850e800784bb86
SHA512 8697dc83f7d07513bd48571bf70f71799d8f294be9b7f91b7385bb084d8105345206f2b690c0c7bd9fad4303ae8b2dfa890b9761fec768cf3be8ca61fbeaab8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 619cc3f9fa574374ce38bda5813560da
SHA1 512d729503d1be020cea07948f2e4c3030a6ad77
SHA256 27091204562c63a7384568cf1591b44112f0993c5459f26672850e800784bb86
SHA512 8697dc83f7d07513bd48571bf70f71799d8f294be9b7f91b7385bb084d8105345206f2b690c0c7bd9fad4303ae8b2dfa890b9761fec768cf3be8ca61fbeaab8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7fc50e39d811de34ba56bb9a66d1821
SHA1 1e000f4616306a5495d0b156c2cf02964280a6d6
SHA256 ac50baf5682385208a9a200911055b8057b20978d994a71b324ec5b588d4a034
SHA512 66de8b65ff5a33d90446f080febaec1a77249e3f046a6637fed78cfa97527684a4a82af1638f566197cc69b724d629efaabe96471f8c891aae4933a6c37c9b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7fc50e39d811de34ba56bb9a66d1821
SHA1 1e000f4616306a5495d0b156c2cf02964280a6d6
SHA256 ac50baf5682385208a9a200911055b8057b20978d994a71b324ec5b588d4a034
SHA512 66de8b65ff5a33d90446f080febaec1a77249e3f046a6637fed78cfa97527684a4a82af1638f566197cc69b724d629efaabe96471f8c891aae4933a6c37c9b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 45a61b68c52689af195e7f7751e03790
SHA1 2b107874dac4fe92155b0dfb6347b6e269b54721
SHA256 c1b2c711851cba4a6d1dfd73b54c7cd1599879d1333cebf213c88bd85916389f
SHA512 7d2c80337646c683a6b40f5ccc87376d3257b66b232ea7bc40cc2e3e16702227c4153878f64584ab8f1868637214e621c86d56c4515c8ddbea65fb85e9846fa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\826b9901-feba-4ce5-96d6-7618f45ab599.tmp

MD5 c7b85c108948bbe47c2ebeadd542a367
SHA1 7ea9e8096d8cb65f70120b91eb20e0f66a8f8624
SHA256 520082f7d2210b2b6a4770c8caff23c2b7a6a8b38a6b05ab9ac010b86bc2f16f
SHA512 e6beeec0fa8f503cc3b11283311be1520eecf0d498b08cd6894a9d2daf0ae14842db56e60a5838705247c1fcbbc30daf5d00142fb242a4c26fbe97d302728658

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\53a79f22-168f-4de1-bd6e-33cf938c25e8.tmp

MD5 45a61b68c52689af195e7f7751e03790
SHA1 2b107874dac4fe92155b0dfb6347b6e269b54721
SHA256 c1b2c711851cba4a6d1dfd73b54c7cd1599879d1333cebf213c88bd85916389f
SHA512 7d2c80337646c683a6b40f5ccc87376d3257b66b232ea7bc40cc2e3e16702227c4153878f64584ab8f1868637214e621c86d56c4515c8ddbea65fb85e9846fa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e3d91d1a-f3c8-4d84-9d9b-5a59dd26e354.tmp

MD5 6114efbf6ded6fdc2ac54b04d9a8a1b9
SHA1 933a5350365dd1b9f23ec6b08f5968d76361760c
SHA256 3aac2da47fd129553067dd9013c342625193f92232b23ba8a943a638ca041871
SHA512 d83fbb2954494c3ecd9c16981abe9236b31ac5f9df8c4ec9d37a2e08c712170fbb91e86547db44d2bab0858f493a71ba38a3ad3734c319bf6ed5b4a913cadd86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7b85c108948bbe47c2ebeadd542a367
SHA1 7ea9e8096d8cb65f70120b91eb20e0f66a8f8624
SHA256 520082f7d2210b2b6a4770c8caff23c2b7a6a8b38a6b05ab9ac010b86bc2f16f
SHA512 e6beeec0fa8f503cc3b11283311be1520eecf0d498b08cd6894a9d2daf0ae14842db56e60a5838705247c1fcbbc30daf5d00142fb242a4c26fbe97d302728658

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7fc50e39d811de34ba56bb9a66d1821
SHA1 1e000f4616306a5495d0b156c2cf02964280a6d6
SHA256 ac50baf5682385208a9a200911055b8057b20978d994a71b324ec5b588d4a034
SHA512 66de8b65ff5a33d90446f080febaec1a77249e3f046a6637fed78cfa97527684a4a82af1638f566197cc69b724d629efaabe96471f8c891aae4933a6c37c9b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e9b16f1946a26ae193dff485560f3d7
SHA1 30b32197a4782138d265ab4fb00d91783fc626ed
SHA256 da34c52ce17f3654bc8957542958688a4854b9b36a2f14a513826c7c4728c464
SHA512 7c7ffc2cf8a8438682b0f7338f0f8bb180696cddebbf243c2333072eb7d15ccd7e366d73d9a613529ea0cadaafb5641cfa7e478bec323fb604ba78b420f49120

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 619cc3f9fa574374ce38bda5813560da
SHA1 512d729503d1be020cea07948f2e4c3030a6ad77
SHA256 27091204562c63a7384568cf1591b44112f0993c5459f26672850e800784bb86
SHA512 8697dc83f7d07513bd48571bf70f71799d8f294be9b7f91b7385bb084d8105345206f2b690c0c7bd9fad4303ae8b2dfa890b9761fec768cf3be8ca61fbeaab8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 45a61b68c52689af195e7f7751e03790
SHA1 2b107874dac4fe92155b0dfb6347b6e269b54721
SHA256 c1b2c711851cba4a6d1dfd73b54c7cd1599879d1333cebf213c88bd85916389f
SHA512 7d2c80337646c683a6b40f5ccc87376d3257b66b232ea7bc40cc2e3e16702227c4153878f64584ab8f1868637214e621c86d56c4515c8ddbea65fb85e9846fa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7549f5c4d4fa2a0ea15132480096ca60
SHA1 cc043f0003a082f2abfb649ebfae19a8e1af6d34
SHA256 20ca28876955dde7a4632c1c7338929b7a082c979e7c5ac035dcd34dbe2903b4
SHA512 ca58bdd2db7d60ffe7b61db422b16fdff3c51a6fa67c7420104fcc0ed47bf091edf4f8ccbb8ca5f3eac43cf40d890c6cabc8c148de1a7f58e1fdf480059afc43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da294f939d4618e4f61bfa0660f9db03
SHA1 2a7ec1fb94f8a8d10e8b6c134e606469d3d8616c
SHA256 01934ddc119c08670ae1e70ecc398931bdcd9649b53468f8154b3dd51e52bd74
SHA512 a32107bb3bfef7c79a70da4f3cc780fc17ae194ccd32de6a7a2cc1a7bb3063cedb1abe2ad284d3442d61936ed330423135727a0ce001aa969ed1ccda7d71fcc1

memory/6608-447-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed104b5f2ec749e4360d7e30808fc1dd
SHA1 0808de7ef335013bd229372682a49c3f597bbff4
SHA256 fe756b1bd40e6575299024ac41899573df91a869a1e9a0ebd373cbed4324f433
SHA512 ddef0f91ced62f74b0a2dd501148b4a5caccae6747f63cbccb69cd21e158aa306835a58dc5328ee57cdf7b9ee8938ef4f1ce24cd53d534ede18e129895f75f5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e1239d32426a3cad2cbc979114ec1215
SHA1 2379b1825e744362336a548e3efbf3254592a848
SHA256 d1d0a891138e1677b9934e3b146739e04987c7d67776de801931eefb44d26f3f
SHA512 7080ea6af065d5d156d00b35055c2f910d327f564eec64c7c86ed488d31b64875feb469c5113e13ff22f31b06be7462a029a47ef7b9c38d7c5fdb9cf59d94394

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1a5a1b64b680c799cf46cf8c4b66bae1
SHA1 f037e44ea3ba3a7fbfad2e08fd6b516d6a80af5e
SHA256 38d76b4b75fd78128af16f28840a7c5a4f182b3f903171bda92fe2c313b41a0b
SHA512 8b720c37c236d4fb53fc1a2d26fb5bb3029577df961b0bfad2c1bb6eebad3467d7020cf55e01990d95a95576183f5a2a526f4ab22afb8fa1c198cda9021232a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d375848b6a520a61772eb41a04fc8b10
SHA1 e8cfee752e1f5a506f916b99fe2b53a10e839e12
SHA256 290d80c3bfc5686e95287da3748a181b60da4a87040790c9c9177847111dea3e
SHA512 a4a6572a6bb775d14351cea6c20822e456e460b49371f0e012a8350b1eef217394b42b8a6ecfc1f3baed1c1addb1f3ea1e304c440bb175d31071234cbe7d7b77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599030.TMP

MD5 0da88bbedb14222503d053630c3de970
SHA1 fd812c9f652f7a5bc6d8da54fbb3451ef3555852
SHA256 1611065db9d9d2b943bd20fd339508c2aee73ba44b22bdde18a32e73af11320a
SHA512 668d830624e525d315dc39c56a00aaf328d01ef3da8eb2ac48bb5ff1309fe171961466082938635d831c7089cf4be312a6ec13069bed505fe13b9300e508a587

memory/6608-509-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6608-510-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6608-513-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7076-569-0x0000000000400000-0x000000000043C000-memory.dmp